Date: Sun, 13 Dec 2009 13:57:32 +0000 (UTC) From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/kern kern_jail.c src/sys/net rtsock.c src/sys/netinet raw_ip.c src/sys/netinet6 raw_ip6.c src/sys/sys jail.h Message-ID: <200912131358.nBDDwQOM093199@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
bz 2009-12-13 13:57:32 UTC
FreeBSD src repository
Modified files:
sys/kern kern_jail.c
sys/net rtsock.c
sys/netinet raw_ip.c
sys/netinet6 raw_ip6.c
sys/sys jail.h
Log:
SVN rev 200473 on 2009-12-13 13:57:32Z by bz
Throughout the network stack we have a few places of
if (jailed(cred))
left. If you are running with a vnet (virtual network stack) those will
return true and defer you to classic IP-jails handling and thus things
will be "denied" or returned with an error.
Work around this problem by introducing another "jailed()" function,
jailed_without_vnet(), that also takes vnets into account, and permits
the calls, should the jail from the given cred have its own virtual
network stack.
We cannot change the classic jailed() call to do that, as it is used
outside the network stack as well.
Discussed with: julian, zec, jamie, rwatson (back in Sept)
MFC after: 5 days
Revision Changes Path
1.128 +24 -1 src/sys/kern/kern_jail.c
1.185 +2 -2 src/sys/net/rtsock.c
1.225 +2 -2 src/sys/netinet/raw_ip.c
1.113 +1 -1 src/sys/netinet6/raw_ip6.c
1.52 +1 -0 src/sys/sys/jail.h
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200912131358.nBDDwQOM093199>